This VPN service used by ransomware gangs was just taken down by police

'The golden age of criminal VPNs is over,' says head of Europol's cybercrime centre.
Written by Danny Palmer, Senior Writer

An underground virtual private network (VPN) service used by cyber criminals to hide their activities while conducting ransomware attacks, phishing campaigns and other malicious hacking operations has been taken down in a major international law enforcement operation.

DoubleVPN offered users the ability to mask their locations and identities, allowing cyber criminals to carry out activities anonymously, according to police.

Now its servers and web domains have been seized by a coordinated law enforcement takedown led by the the Dutch National Police (Politie) and involving agencies including Europol's European Cybercrime Centre (EC3), Eurojust, the FBI, and the UK National Crime Agency.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)   

DoubleVPN was heavily advertised across Russian and English-speaking dark web cybercrime forums as means for criminals, including ransomware gangs and phishing operations, to hide their activities, according to Europol. The cheapest VPN connection on offer cost just $25, while more expensive services offered what's described as double, triple and even quadruple VPN connections to criminal clients.

Servers hosting DoubleVPN around the world have been seized and web domains relating to the service have been replaced with a takedown notice, reading: "On 29th of June 2021, law enforcement took down DoubleVPN. Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers. Double VPN's owners failed to provide the services they promised."

Dutch public prosecutor Wieteke Koorn said: "This criminal investigation concerns perpetrators who think they can remain anonymous, while facilitating large-scale cybercrime operations.

"By taking legal action, including the special investigatory power for digital intrusion, we want to make it very clear there cannot be any safe havens for these kind of criminals. Their criminal acts damage the digitalised society and erode the trust of citizens and companies in digital technologies, therefore their behaviour has to be stopped," she added.

The joint operation involved more than 30 coordination meetings and four workshops to prepare for the final stage of the takedown that was organised on the day the via virtual command post was set up by Europol.

SEE: Ransomware: Paying up won't stop you from getting hit again, says cybersecurity chief

"Law enforcement is most effective when working together and today's announcement sends a strong message to the criminals using such services: the golden age of criminal VPNs is over. Together with our international partners, we are committed to getting this message across loud and clear," said Edvardas Šileris, head of Europol's EC3.

Law enforcement services from Germany, Canada, Sweden, Italy, Bulgaria and Switzerland also participated in the takedown, which was was carried out following the the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).


Editorial standards